Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
580
Views
0
Helpful
2
Replies

ISE : DOT1X - MAB

Joris Deprouw
Level 1
Level 1

‎11-19-2013 06:52 AM - edited ‎03-10-2019 09:06 PM

Hi all,

I'm trying to understand the posibilities of the ISE. I would like to configure host authentication without the client having to enter credentials for a second time after logging on to his pc.

Is this possible with DOT1X?

As far as I understand you have to enter your credentials twice. 1 time for windows logon and a second time in the supplicant (eg. Cisco Anyconnect) which sends the EAPOL start frame to the authenticator (switch).

MAB could works without user interference, but is bypassable when you spoof a mac address.

Is there another possibility to set this up?

Maybe I'm asking obvious questions, but I'm a ISE newbie.

Thanks,

Joris                  

Labels:
0 Helpful
2 Replies 2

Peter Koltl
Level 7
Level 7

‎11-22-2013 02:10 PM

Both the Windows supplicant and the Cisco supplicant sends the credentials automatically so there is no need to type the password twice.

0 Helpful

Venkatesh Attuluri
Cisco Employee
Cisco Employee

‎11-24-2013 02:46 AM

Check the doc for Configure the Windows Native Supplicant

Preview file
127 KB
0 Helpful
Customers Also Viewed These Support Documents